Bug #1293
closederror when trying to view puppet certificates
Description
I'm getting this error when clicking on Settings -> Smart Proxies -> Certificates . It appears that the proxy is correctly invoking puppetca via sudo.
# rpm -qa | grep foreman foreman-0.4-0.1rc4.noarch foreman-proxy-0.3-0.1rc2.noarch foreman-release-1-1.noarch
The HTTP 500 error message that's returned:
The following error message was observed: smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#, :smart_proxy_id=>"1-ctrl"}
foreman production.log (IP/hostname's changed)
Processing SmartProxies::PuppetcaController#index (for 1.1.1.1 at 2011-11-02 12:01:29) [GET] Parameters: {"smart_proxy_id"=>"1-ctrl"} Rendering template within layouts/application Rendering smart_proxies/puppetca/index ActionView::TemplateError (smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#<SmartProxies::PuppetCA:0x7f89d93198a8 @fingerprint="E9:27:4C:B1:96:7B:5F:B2:78:76:CC:81:7B:17:A1:1E", @smart_proxy_id=1, @name="ctrl.example.com ", @expires_at=nil, @valid_from=nil, @state="valid">, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#<SmartProxies::PuppetCA:0x7f89d93198a8 @fingerprint="E9:27:4C:B1:96:7B:5F:B2:78:76:CC:81:7B:17:A1:1E", @smart_proxy_id=1, @name="ctrl.example.com ", @expires_at=nil, @valid_from=nil, @state="valid">, :smart_proxy_id=>"1-ctrl"}) on line #23 of app/views/smart_proxies/puppetca/index.html.erb: 20: <td><%= h cert.fingerprint %></td> 21: <td> 22: <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :method => :put) if cert.state == "pending" %> 23: <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :confirm => 'Are you sure?', :method => :delete) if cert.state != "revoked" %> 24: </td> 25: </tr> 26: <% end -%> app/helpers/application_helper.rb:105:in `display_link_if_authorized' app/views/smart_proxies/puppetca/index.html.erb:23 app/views/smart_proxies/puppetca/index.html.erb:14:in `each' app/views/smart_proxies/puppetca/index.html.erb:14 app/helpers/application_helper.rb:105:in `display_link_if_authorized' app/views/smart_proxies/puppetca/index.html.erb:23 app/views/smart_proxies/puppetca/index.html.erb:14:in `each' app/views/smart_proxies/puppetca/index.html.erb:14 Rendering template within layouts/application Rendering common/500 (500) [root@ctrl foreman]#
foreman-proxy proxy.log
D, [2011-11-02T12:01:29.999297 #1732] DEBUG -- : Found puppetca at /usr/sbin/puppetca D, [2011-11-02T12:01:29.999440 #1732] DEBUG -- : Found sudo at /usr/bin/sudo D, [2011-11-02T12:01:29.999493 #1732] DEBUG -- : Executing /usr/bin/sudo -S /usr/sbin/puppetca --list --all
sudo invocation in /var/log/secure
Nov 2 12:01:30 ctrl-27 sudo: foreman-proxy : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/usr/sbin/puppetca --list --all
Updated by Andreas Ntaflos about 13 years ago
Same problem here on Ubuntu 10.04, using Foreman 0.4-~nightlybuild1320199902 and Smart Proxy 0.3-~nightlybuild1320199883, along with Puppet 2.7.6.
Invoking puppetca --list --all
as user foreman
via sudo apparently works fine, listing all certificates correctly. Can we do anything to help debug this?
Updated by Andreas Ntaflos about 13 years ago
I suppose the following error is related to the problems described above. I get this when trying to provision a new host (using Ubuntu, PXE and Preseed). Booting the installer works fine, the problem appears when the Debian installer tries to retrieve its specified preseed file (as in http://puppet.example.com/foreman/unattended/provision). This shows up as a 500 error to the client, while the Foreman production log shows this:
Processing UnattendedController#provision (for 10.59.1.133 at 2011-11-03 19:37:58) [GET] Found RISELANCCR01.rise-s.com **DEPRECATION WARNING*** Managing Puppet CA without a smart-proxy will not be supported in the next release **DEPRECATION WARNING*** Managing Puppet CA without a smart-proxy will not be supported in the next release Permission denied - /etc/puppet/autosign.conf /usr/lib/ruby/1.8/fileutils.rb:1033:in `initialize' /usr/lib/ruby/1.8/fileutils.rb:1033:in `open' /usr/lib/ruby/1.8/fileutils.rb:1033:in `touch' /usr/lib/ruby/1.8/fileutils.rb:1027:in `each' /usr/lib/ruby/1.8/fileutils.rb:1027:in `touch' /usr/share/foreman/vendor/plugins/proxy/lib/proxy.rb:131:in `sign' /usr/share/foreman/app/models/host.rb:210:in `handle_ca' /usr/share/foreman/app/controllers/unattended_controller.rb:141:in `handle_ca' Rendering common/500 (500)
Updated by Ohad Levy about 13 years ago
Does the following solves your issue?
diff --git a/app/views/smart_proxies/index.html.erb b/app/views/smart_proxies/index.html.erb index 1c0d387..6a31a0e 100644 --- a/app/views/smart_proxies/index.html.erb +++ b/app/views/smart_proxies/index.html.erb @@ -17,7 +17,7 @@ <td><%=h proxy.features.to_sentence %></td> <td class="ra"> <% if proxy.features.include? Feature.find_by_name("Puppet CA") -%> - <%= display_link_if_authorized "Certificates | ", hash_for_smart_proxy_puppetca_index_path(:smart_proxy_id => proxy) %> + <%= display_link_if_authorized "Certificates | ", hash_for_smart_proxy_puppetca_index_path(:smart_proxy_id => proxy.to_param) %> <%= display_link_if_authorized "Autosign | ", hash_for_smart_proxy_autosign_index_path(:smart_proxy_id => proxy) %> <% end -%> <% if SETTINGS[:unattended] and proxy.features.include? Feature.find_by_name("DHCP") -%>
Updated by Joshua Hoblitt about 13 years ago
The patch applied cleanly to 0.4-0.1rc4, restarted apache (running foreman under passenger), and it looks like we're still getting the same error:
The following error message was observed: smart_proxy_puppetca_url failed to generate from {:action=>"update", :id=>#, :smart_proxy_id=>"1-ctrl", :controller=>"SmartProxies::Puppetca"}, expected: {:action=>"update", :controller=>"SmartProxies::Puppetca"}, diff: {:id=>#, :smart_proxy_id=>"1-ctrl"}
Updated by Ohad Levy about 13 years ago
how about ?
diff --git a/app/views/smart_proxies/puppetca/index.html.erb b/app/views/smart_proxies/puppetca/index.html.erb index 90d625d..21037bb 100644 --- a/app/views/smart_proxies/puppetca/index.html.erb +++ b/app/views/smart_proxies/puppetca/index.html.erb @@ -19,8 +19,8 @@ <td><%= time_column cert.expires_at, :tense => :future %></td> <td><%= h cert.fingerprint %></td> <td> - <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), :me - <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert), + <%= display_link_if_authorized("Sign", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert.to_pa + <%= display_link_if_authorized("Destroy", hash_for_smart_proxy_puppetca_path(:smart_proxy_id => @proxy.to_param, :id => cert.to </td> </tr> <% end -%>
Updated by Greg Sutcliffe about 13 years ago
I'm also hitting this. Ohad, your patch looks malformed - the lines are truncated, so I can't test it. I can confirm that simply removing the Destroy link makes the page function again, although of course you cannot revoke certificates :)
Updated by Ohad Levy about 13 years ago
- Target version set to 1.0
Ok, how about?
diff --git a/app/models/smart_proxies/puppet_ca.rb b/app/models/smart_proxies/puppet_ca.rb index c951904..ac68970 100644 --- a/app/models/smart_proxies/puppet_ca.rb +++ b/app/models/smart_proxies/puppet_ca.rb @@ -7,6 +7,7 @@ class SmartProxies::PuppetCA def initialize opts @name, @state, @fingerprint, @valid_from, @expires_at, @smart_proxy_id = opts.flatten + @name.strip! @valid_from = Time.parse(@valid_from) unless @valid_from.blank? @expires_at = Time.parse(@expires_at) unless @expires_at.blank? end
Updated by Paul Mooring about 13 years ago
That change didn't fix it, but I'm having the same problem on a version from the yum repository, rpm -q says:
foreman-0.4-0.2.noarch
foreman-proxy-0.3-0.2.noarch
are the versions I'm running.
Updated by Ohad Levy about 13 years ago
- Target version changed from 1.0 to 0.4.1
Updated by Greg Sutcliffe about 13 years ago
That results in "Cannot modify frozen string". Avoid editing the name object directly seems to work - e.g:
--- a/app/models/smart_proxies/puppet_ca.rb +++ b/app/models/smart_proxies/puppet_ca.rb @@ -20,7 +20,7 @@ class SmartProxies::PuppetCA api = ProxyAPI::Puppetca.new({:url => proxy.url}) certs = api.all.map do |name, properties| - new([name, properties['state'], properties['fingerprint'], properties["not_before"], properties["not_after"], proxy.id]) + new([name.strip, properties['state'], properties['fingerprint'], properties["not_before"], properties["not_after"], proxy.id]) end.compact # save our CA details for 5 seconds
Updated by Yun Zheng Hu about 13 years ago
Greg Sutcliffe wrote:
That results in "Cannot modify frozen string". Avoid editing the name object directly seems to work - e.g:
[...]
I can confirm that this works
Updated by Ohad Levy about 13 years ago
- Status changed from New to Closed
- % Done changed from 0 to 100
Applied in changeset 23b12ba7aea93e099e5c5d57361835d73323d6da.